Tuesday, March 5, 2019

How to Convert an OVA Image to an AWS EC2 Instance

1. Create an S3 Bucket to import the OVA Image.

2. Upload the OVA Image via the browser. (Pro Tip: If the OVA has a long and complicated name, rename it. You're going to be using the command line.)

3. Install the AWS CLI and Python on your laptop.

https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html

4. Verify via CMD that python --version and pip --version work and return a response.

Example:
C:\Users\ubuntu.power>pip --version
pip 19.0.1 from c:\users\ubuntu.power\appdata\local\programs\python\python37-32\lib\site-packages\pip (python 3.7)

C:\Users\ubuntu.power>python --version
Python 3.7.2

FYI: You can also use PowerShell.
https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-set-up-windows.html

5. You will need your AWS access key ID and secret access key from IAM. Generate a new one if you forgot it, haven't used it, or just plain don't know it.

https://blog.migrationking.com/2019/03/how-to-quickly-setup-aws-cli-on-windows.html

Note: Make sure you can run an aws command like the following with output:

aws s3 ls

6. AWS Import/Export Guide:
https://docs.aws.amazon.com/vm-import/latest/userguide/vm-import-ug.pdf

7. Convert from an OVA File:

http://www.daniloaz.com/en/how-to-create-a-sentilo-aws-ec2-instance-from-an-ova-file/

8. In order to import the OVA file, you have to save it to a location on your local machine where you can point to the path from PowerShell (if you're on Linux, the location from your shell). Note: If you're on Windows, use the C:\ drive path.

Professional Note: Use Notepad++ on Windows to create the file
https://notepad-plus-plus.org/

9. trust-policy.json file

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"",
         "Effect":"Allow",
         "Principal":{
            "Service":"vmie.amazonaws.com"
         },
         "Action":"sts:AssumeRole",
         "Condition":{
            "StringEquals":{
               "sts:ExternalId":"vmimport"
            }
         }
      }
   ]
}

10. role-policy.json file (replace disk-image-file-bucket with the name of the S3 bucket that holds your OVA)

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket"
         ],
         "Resource":[
            "arn:aws:s3:::disk-image-file-bucket",
            "arn:aws:s3:::disk-image-file-bucket/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

11. Import the policies from your machine using a local path. Drive shares (e.g. Google Drive) seem to complain.

PS C:\Users\username> aws iam create-role --role-name vmimport --assume-role-policy-document file://C:\Users\username\Documents\AWS\s3\trust-policy.json

PS C:\Users\username> aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://C:\Users\username\Documents\AWS\s3\role-policy.json

Page 14-15 of https://docs.aws.amazon.com/vm-import/latest/userguide/vm-import-ug.pdf

12. Create "containers.json" file.

[
  {
    "Description": "Bubba Lovey",
    "Format": "ova",
    "UserBucket": {
        "S3Bucket": "bubba-lab-lovey",
        "S3Key": "anykindofvm.ova"
    }
}]

13. Run the import:

aws ec2 import-image --description "FireEye CMS" --license-type BYOL --disk-containers file://C:\Users\username\Documents\AWS\s3\containers.json

NOTE: This is a Linux Image
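
Before running the commands in steps 11 and 13, the three JSON files can be checked against each other. The Python check below is an added example, not part of the original post or of any AWS tool; the function names are hypothetical, the policies are constructed copies of the files above, and the IAM matching is simplified to Allow statements and * wildcards.

```python
import fnmatch

# Constructed copies of the page's three files, bucket names exactly as the page shows them.
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "vmimport"}}}]}
ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::disk-image-file-bucket",
                  "arn:aws:s3:::disk-image-file-bucket/*"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["ec2:ModifySnapshotAttribute",
     "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*"]}]}
CONTAINERS = [{"Description": "Bubba Lovey", "Format": "ova",
               "UserBucket": {"S3Bucket": "bubba-lab-lovey", "S3Key": "anykindofvm.ova"}}]

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust(policy):
    # The role must be assumable only by VM Import, and only with the ExternalId guard.
    problems = []
    for st in policy["Statement"]:
        if st.get("Principal") != {"Service": "vmie.amazonaws.com"}:
            problems.append("principal is not limited to vmie.amazonaws.com")
        if st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId") != "vmimport":
            problems.append("sts:ExternalId=vmimport condition is missing")
    return problems

def allowed(policy, action, resource):
    # Simplified IAM evaluation: Allow statements and * wildcards only (no Deny, no Condition).
    return any(
        st["Effect"] == "Allow"
        and any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
        and any(fnmatch.fnmatchcase(resource, r) for r in as_list(st["Resource"]))
        for st in policy["Statement"])

def check_role(policy, containers):
    # List every S3 permission the import needs that the role policy does not grant.
    missing = []
    for c in containers:
        bucket, key = c["UserBucket"]["S3Bucket"], c["UserBucket"]["S3Key"]
        b = f"arn:aws:s3:::{bucket}"
        needs = [("s3:GetBucketLocation", b), ("s3:ListBucket", b), ("s3:GetObject", f"{b}/{key}")]
        missing += [f"{a} on {r}" for a, r in needs if not allowed(policy, a, r)]
    return missing

print(check_trust(TRUST), check_role(ROLE, CONTAINERS))
```

With the values exactly as shown on this page it reports three missing S3 permissions, because role-policy.json names disk-image-file-bucket while containers.json points at bubba-lab-lovey.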

You can check the status of the running job by using the "ImportTaskID" that was provided when you kicked off the job:





This blog saved the day. Credit has to go to Daniel Lopez Azana!

http://www.daniloaz.com/en/how-to-create-a-sentilo-aws-ec2-instance-from-an-ova-file/

https://rzn.id.au/tech/converting-an-ova-to-an-amazon-ami/ (Helpful)






